[Security] About the Firefox 3 Security Dialog & others

Dirk Meyer dmeyer at tzi.de
Sat Aug 23 04:04:48 CDT 2008


Jonathan Schleifer wrote:
> On 23.08.2008 at 00:20, Dirk Meyer wrote:
>
>>> Wouldn't that mean an attacker could choose the question and choose one
>>> to which he knows the answer because it's not so secret? If an
>>> attacker does that with both ends, he has won, because he selected
>>> the question. Correct me if I'm wrong.
>>
>> No correction, you are right. The riddle is a stupid idea.
>
> So we should go for SAS, I think. 

SAS does not work for me when I use bots. It also reduces it to one
way, removing the option of X.509 certificates, which is something I
need.

> Having a 32-bit SAS encoded with Mnemonics (like already suggested
> here) really sounds like a great idea.

Why not encode a key fingerprint with Mnemonics? Looks like the same
to the user.


Dirk

-- 
BREAKFAST.COM halted... cereal port not responding!

